Extending the Casper Suite with Dummy Packages

Adding custom management hooks

by Miles A. Leacy IV

Introduction

The Casper Suite by JAMF Software provides a robust management framework for automating system administration tasks. Through Smart Computer Groups, management policies can be assigned to machines that fit certain criteria such as computer name, IP address range and installed software packages, to name a few. In order to meet the challenges and demands of administering a set of Macs, system administrators will, on occasion, find that they would like to assign policies to or create Smart Computer Groups based on criteria that are not built in to the Casper Suite.

The Casper Suite's abilities to run shell scripts and track installed software packages on client Macs allow us to functionally extend our ability to create Smart Computer Groups to include nearly any criteria the system administrator requires. By using a shell script, we can check for desired criteria, and if found, cause a "dummy" package to be installed. We can then use the receipt from this package as criteria for a Smart Computer Group.

For the example in this article, we will assume that we would like to put all Macs that have pending firmware updates into a Smart Computer Group called Firmware Updates Available. A system administrator could run a report that lists the members of this Smart Computer Group. This report can serve as a list of Macs that a technician will need to visit to perform the updates since firmware updates are one of the few administrative items that cannot be automated.

Components

There are five components to this technique; a script to check for desired criteria and trigger a policy to install the dummy package when the criteria are met, a policy to run the script, a custom-triggered policy to install the dummy package, the dummy package itself, and a Smart Computer Group consisting of computers with a receipt for the dummy package.

Script

The first item we need is the script. This script will check for the desired criteria, in this case, whether a Mac has available firmware updates. If the criteria are found, the script will trigger a policy using the custom trigger firmwareUpdatesAvailable. If the criteria are found, the script will delete the receipt for a package called firmwareUpdatesAvailable.pkg. This structure will allow the script to act as a toggle, adding or removing the package receipt depending on whether the designated criteria are found. This script uses the jamf command line tool present on all Macs managed by the Casper Suite. For our example, we will use the script below:

#!/bin/bash
##### HEADER BEGINS #####
# filename: scr_sys_findFirmwareUpdates.bash
#
# This script is provided "as is".
# The author offers no warranty or guarantee of any kind.
# Use of this script is at your own risk.
# The author takes no responsibility for loss of use,
# loss of data, or any other negative effects.
#
# Test thoroughly in a lab environment
# before use on production systems.
#
# This script checks for available firmware updates. If found,
# a policy to install a dummy package is triggered.
#
##### HEADER ENDS #####
# store the number of available firmware updates
# in the variable $fwupdate
fwupdate=`softwareupdate -l | grep -c Firmware`
# if there are firmware updates available,
# issue the custom trigger "firmwareUpdatesAvailable"
#
# if no firmware updates are available,
# delete the receipt for firmwareUpdatesAvailable.pkg
if [ $fwupdate -gt 0 ]
then
jamf policy -trigger firmwareUpdatesAvailable
else
rm -R /Library/Receipts/firmwareUpdatesAvailable.pkg
rm –R /Library/Application\ Support/JAMF/Receipts/firmwareUpdatesAvailable.pkg
fi
exit 0

Once you have saved your script, set its permissions to allow execution by typing the following command in Terminal.app (adding the executable permission to all):

chmod a+x /path/to/scr_sys_findFirmwareUpdates.bash

You will then need to add the script to your JSS using the Casper Admin application. If you are unfamiliar with this process you may review the Casper Suite Documentation (referenced at the end of this article).

This script is specific to our example, but by altering the if statement and supplying any supporting variables, you can check for any criteria that you can find with a script. When writing your own scripts for dummy packages, be sure that your trigger matches the custom trigger used in the policy that installs your dummy package (discussed below), and that the rm commands matches the receipts for your dummy package. Receipts for Apple .pkg format packages are stored at /Library/Receipts/packageName.pkg. The Casper Suite stores receipts at /Library/Application Support/JAMF/Receipts/packageName.pkg. and /Library/ApplicationSupport/JAMF/Receipts/packageName.dmg for Apple .pkg format packages and .dmg format packages built by Composer, the packaging application component of the Casper Suite, respectively.

Criteria-Checking Policy

This policy should run on all Macs that you would like to check for the desired criteria and will run the script we discussed above as a "before" script. If you're familiar with adding scripts to a policy in the Casper Suite, you may want to skip to the next section.

Log in to you're the web interface on your JAMF Software Server (JSS), and create a new policy by clicking the Management tab, then Policies, and Create New Policy… In the policy editor's General tab, give your policy an appropriate name, and a category if you wish. Categories are created in the Casper Admin application or through the Casper Admin link in the JSS' Admin tab and can be invaluable for keeping your list of policies organized and readable. For details and instructions, see the Casper Suite Documentation referenced at the end of this article. The criteria-checking policy's Triggered By: event will depend on your needs, but for this example, we'll choose startup. Selecting Ongoing in the Execution Frequency: field will ensure that this policy runs each time the target Macs are booted. Figure 1 illustrates how the General tab should look when we're done configuring it.

Figure 1. Criteria-Checking Policy General Tab

Once the General tab is configured, we'll click the Scope tab. Don't click the Save Policy button yet. Doing so will exit the policy editor. The changes we make in each tab will be saved until we exit the policy editor allowing us to navigate through the tabs freely until we're certain that the policy is configured as we need it to be. In the Scope tab, we'll select the radio button next to Assign to All Computers. This will ensure that this policy will be run on all Macs that are managed by the Casper Suite.

Next, we'll select the Scripts tab in the policy editor. In the Scripts tab, we will add our script to the policy. The script we're using in this example is called scr_sys_findFirmwareUpdates.bash. Click the Add Script link, then choose Run Before under the scr_sys_findFirmwareUpdates.bash entry and finally, click the Add Script(s) button.

Figure 2. Criteria-Checking Policy Scripts Tab

The last item we'll add to this policy is the Update Inventory action. Select the Advanced tab in the policy editor, then click the checkbox next to Update Inventory, then click the Save Policy button. Updating inventory is very important for our purposes, because until inventory data is updated, Macs with the desired criteria will fail to appear in the proper Smart Computer Group. Once you have saved the policy, you should see it listed along with any other policies already configured on your JSS. If you click the Show Plan link next to the new policy, the plan should look like Figure 3.

Figure 3. Criteria-Checking Policy Plan

The Dummy Package

The dummy package is the core of this technique. It is simply a package that does not contain any software to be installed. You can use Composer, the packaging tool provided with the Casper Suite, or your favorite package editing application to create this package. The only item of importance in this package is its name. You should choose a name that is descriptive of what you are using the package to identify; in this case, we will use the name firmwareUpdatesAvailable.pkg. Once created, the package is added to the JSS using Casper Admin.

If you would like to be able to use the indexing feature in Casper Admin with your dummy package in order to allow the Casper Suite to uninstall the dummy package, you will need to have at least one file in your package. /Library/DummyPackages/packageName.txt is suggested, but any convention that makes sense to you will do.

If you are unfamiliar with package creation, adding packages to the JSS or package indexing, you may review the Casper Suite Documentation (referenced at the end of this article).

Custom-Triggered Policy

In the script discussed above, we used the command jamf policy -trigger firmwareUpdatesAvailable. This tells the jamf command line tool on the client Mac to consult the JSS and execute any policies that are scoped to this Mac and triggered by the custom trigger firmwareUpdatesAvailable. Now we'll create the policy that is triggered by this custom trigger and will install the dummy package. If you are familiar with creating custom-triggered policies, you may want to skip this section.

As before, we'll create a new policy. Click Management, then Polices, then Create New Policy… In the General tab, we'll give the policy a descriptive name, and select other (Manually specify the run at action in this field) --> from the Triggered By: menu. In the text field next to the Triggered By: menu, type the custom trigger (firmwareUpdatesAvailable, for our example).

Figure 4. Custom-Triggered Policy General Tab

In the Scope tab, we'll select Assign to All Computers again.

Next, we'll select the Packages tab, and click the Add Package link. This will bring us to the package selection page seen in Figure 5. In the Action menu next to firmwareUpdatesAvailable.pkg, select Install then click the Add Package(s) button.

Figure 5. Custom-Triggered Policy Package Selection

Once again, select the Advanced tab, click the Update Inventory checkbox, then click the Save Policy button. When you're finished, the policy plan should look like the plan shown in Figure 6.

Figure 6. Custom-Triggered Policy Plan

Smart Computer Group

Once the two policies above have run, the package firmwareUpdatesAvailable.pkg will be installed on any managed Macs with available firmware updates. We can now create a Smart Computer Group containing all Macs with a receipt for this package. If you are familiar with creating Smart Computer Groups with the Casper Suite, you may skip this section.

To create our Smart Computer Group, we'll log in to our JSS, select the Management tab, click the Smart Computer Groups link, and then click the New Smart Computer Group button. This takes us to the Edit Smart Computer Group interface. Here, we will type Firmware Updates Available in the Computer Group Name: field. Then, we click the + button next to Receipts Info. This opens a pop-up window, where we will click Packages Installed By Casper. This adds a line under the Receipts Info header called Packages Installed By Casper. We'll leave the drop down menu set to has and click the ellipsis (…) next to the text field. This will present us with a pop up window listing all of the packages that the Casper Suite is currently tracking. We'll click firmwareUpdatesAvailable.pkg in this list, which will populate the text field and return us to the Edit Smart Computer Group interface. At this point, our interface should look like Figure 7. Click the Save Group button to save the Smart Computer Group.

Figure 7. Edit Smart Computer Group

Once you save the Smart Computer Group, you are taken to a list of all Smart Computer Groups in your JSS. If you click the View Members button next to the Firmware Updates Available group, you will be shown a list of all Macs in your JSS that have a receipt for the firmwareUpdatesAvailable.pkg package. This is the same view you would see if you ran an advanced search in your JSS' Inventory tab using the Firmware Updates Available computer group as your search criteria.

Figure 8. Firmware Updates Available
Smart Computer Group Members

Conclusion

By using dummy packages, you can extend the management capabilities of the Casper Suite to allow you to group computers based on criteria that are not built in to the software. The dummy package technique has been used to track such items as Active Directory group membership, battery cycles & charge capacity, computers with a Windows installation and many more. Any information you can test for in a script can be used as criteria for a dummy package. This technique is limited only by your imagination and your scripting skills.

For Further Reference

As mentioned throughout this article, you can learn more about the various functions of the Casper Suite from the Casper Suite 6.0 Documentation available at the link below.